Modern computers are often interconnected to form networks that enable various forms of interaction, such as file transfer, web browsing, or e-mail. Many of these networks, including the Internet, are based on the layered Transmission Control Protocol over Internet Protocol (TCP/IP) model. These and other types of networks can be organized according to the more extensive Open Systems Interconnection (OSI) model set forth by the International Standards Organization (ISO).
The lowest two layers of the TCP/IP and OSI models are the physical layer and the data link layer. The physical layer defines the electrical and mechanical connections to the network. The data link layer performs fragmentation and error checking using the physical layer to provide an error-free virtual channel to the third layer.
The third layer is known as the network layer. This layer determines routing of packets of data from sender to receiver via the data link layer. In the TCP/IP model, this layer employs the Internet Protocol (IP).
The fourth layer is the transport layer. This layer uses the network layer to establish and dissolve virtual, error-free, point-to-point connections, such that messages sent by one computer arrive uncorrupted and in the correct order at another computer. The fourth layer can also use port numbers to multiplex several types of virtual connections over a single path to the same machine. In the TCP/IP model, this layer employs the Transmission Control Protocol (TCP).
Network services such as File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), Secure HTTP (HTTPS), and Simple Mail Transfer Protocol (SMTP) can be viewed as residing at one or more higher levels in the hierarchical model (e.g., Level 5 through Level 7). These services use the communication functionality provided by the lower levels to communicate over the network.
TCP/IP functionality can be provided to processes running on a node computer through an interface known as the sockets interface. This interface provides libraries that allow for the creation of individual communications end-points called “sockets.” Each of these sockets has an associated socket address that includes a port number and the computer's network address.
Netscape Corporation has developed a secure form of sockets, called the Secure Sockets Layer (SSL). This standard uses secure tokens to ensure security and privacy in network communications. It provides for encryption during a communications session and authentication of client computers, server computers, or both.
Security concerns often require private networks to be connected to public networks by firewalls. These can reside in a peripheral network zone of an organization's Local Area Network (LAN) known as the Demilitarized Zone (DMZ). They typically include a number of public Internet ports and a single highly monitored choke point connection to the LAN. This architecture allows them to implement a variety of security functions to protect the LAN from outside attacks, and to hide the IP addresses of the computers inside the firewall.
In addition to firewalls, high-traffic web service providers, e-commerce systems, or other large-scale network-based systems often use load balancers. These distribute traffic among a number of servers based on a predetermined distribution scheme. This scheme can be simple, such as a “round-robin” scheme, or it can be based on contents of the packet itself, such as its source IP address.
Load balancers that use a distribution scheme based on packet contents often use a technique known as “stitching.” This type of device typically buffers a portion of a packet received from a client until the relevant part of the packet has been examined, and uses that part to select a server. It can then send the buffered packet data to the server until its buffer is empty. The load balancer then simply relays any further packet data it receives to the selected server, thereby “stitching” the connection between the client and server.
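The stitching behaviour described above, as an added illustration rather than code from the original text: a content-based balancer buffers the client's bytes until the HTTP Host header has been examined, picks a backend from it, drains the buffer, and then relays every later chunk directly. Backends are plain in-memory lists and the request is a constructed sample; the header-size cap is an assumption added so a slow or oversized header cannot hold the buffer open indefinitely.

```python
import zlib

HEADER_END = b"\r\n\r\n"
MAX_HEADER_BYTES = 8192   # assumed cap on bytes buffered before a decision is made

def pick_backend(host: bytes, backends: list) -> int:
    """Deterministic choice based on packet contents (here, the Host header)."""
    return zlib.crc32(host.lower()) % len(backends)

def parse_host(header_block: bytes) -> bytes:
    """Return the Host header value from a request header block, or b''."""
    for line in header_block.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip()
    return b""

class Stitcher:
    def __init__(self, backends):
        self.backends = backends   # each backend is a list of byte chunks it received
        self.buffer = b""          # held until the header has been examined
        self.target = None         # index of the selected backend, once chosen

    def on_client_data(self, chunk: bytes) -> None:
        if self.target is not None:
            self.backends[self.target].append(chunk)   # stitched: relay directly
            return
        self.buffer += chunk
        if len(self.buffer) > MAX_HEADER_BYTES:
            raise ValueError("request header exceeds buffering limit")
        end = self.buffer.find(HEADER_END)
        if end < 0:
            return                 # header incomplete; keep buffering
        host = parse_host(self.buffer[:end])
        self.target = pick_backend(host, self.backends)
        self.backends[self.target].append(self.buffer)  # drain the buffer
        self.buffer = b""

def run_demo():
    """Constructed request delivered in three chunks, as TCP may segment it."""
    backends = [[], [], []]
    s = Stitcher(backends)
    for chunk in (b"POST /login HTTP/1.1\r\nHo",
                  b"st: shop.example\r\n\r\nuser=a",
                  b"&pw=b"):
        s.on_client_data(chunk)
    return s.target, backends
```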
To improve TCP/IP performance in network devices, some computers have been equipped with hardware-based TCP/IP Offload Engines (TOEs). These offload engines implement some of the TCP/IP functionality in hardware. They generally work in connection with a modified sockets interface that is configured to take advantage of the hardware-based functionality.